Syslog configuration

The native Syslog client on the switch needs to know the location of a remote Syslog server, so the server details need to be configured on the device.

  1. To configure the IP address and TLS port of the server, use the following command:
    device(config)# logging host <ip> ssl-port <number>
    Note

    The <ip> is the reference identifier for the Syslog server: the same IP address must be represented in the CN or SAN field of the X.509 certificate the server presents during TLS connection establishment. Put it in the SAN as an iPAddress entry rather than relying on the CN alone; many current TLS implementations no longer match the CN.
  2. The TLS client on the device must have the trusted root CA certificate in order to authenticate the X.509v3 digital certificate the TLS server presents while the connection is being set up. Each TLS server's trusted root CA certificate has to be preinstalled on the device. The TLS server may be carrying a higher-level audit protocol such as Syslog, or an authentication protocol such as RADIUS or TACACS+. To install the root CA certificate, use the following command from the remote host that holds the X.509v3 certificate:
    Remote# scp <root cert> user@<mlx ip>:ssltrustedcert
    Up to three root CA certificates can be added to the device. An imported root CA is not tied to any specific application: each one can be used by all of the TLS server applications (Syslog, RADIUS, TACACS+), or a different root CA can serve each application.
    Note

    The SCP command applies to all TLS server applications (Syslog, RADIUS, TACACS+).
  3. The Syslog server processes the received messages in whatever way the operator chooses; for instance, it may save them to a local file, forward them to another application, or relay them to another host on the network.

The device disconnects from the Syslog server if it has no audit data to transmit for 132 minutes (2 hours and 12 minutes), the default derived from the underlying TCP keepalive interval. This timeout cannot be modified. If the connection is lost, the Syslog client on the device retries to establish it; every reconnection is a fresh TLS handshake, so the server certificate is validated again each time.

For the TLS handshake to succeed, the Syslog server is assumed to meet the following requirements.

  1. It holds and sends its server certificate together with the intermediate CA certificate that signed it, so the device can build the chain back to the preinstalled root CA.
  2. It supports TLS version 1.1 or higher.
  3. It supports at least one of the cipher suites supported by the client.
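The device-side behaviour described in steps 1 and 2 and in the server assumptions above can be exercised end to end on a workstation, without the switch. The following Go program is an added example, not code from this page or from the switch vendor: it builds a constructed test PKI (root CA, intermediate CA, server leaf with the server IP as an iPAddress SAN), then plays the role of the device's TLS client against a loopback Syslog server while trusting only the root CA, which is what ssltrustedcert holds on the device. The successful case delivers one RFC 5424 message with the RFC 5425 octet-counting framing used for Syslog over TLS; the two failing cases show what the device sees when the server omits the intermediate certificate (assumption 1) and when the reference identifier is not in the certificate (the note under step 1). The certificate names, the loopback address and the sample message are all constructed for the example. Go's verifier, like most current TLS stacks, matches the reference identifier against the SAN and ignores the CN, so the example puts the IP in the SAN.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// testPKI is a constructed chain: root CA (the only certificate the device holds)
// -> intermediate CA -> server leaf whose SAN carries the server IP.
type testPKI struct {
	root, inter, leaf *x509.Certificate
	leafKey           *ecdsa.PrivateKey
}

// issue generates a P-256 key and signs tmpl for it with signer; a nil parent
// makes the certificate self-signed (the root).
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above; parsing cannot fail
	return cert, key
}

func buildPKI(serverIP net.IP) *testPKI {
	now := time.Now()
	ca := func(cn string, serial int64) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		}
	}
	root, rootKey := issue(ca("Test Root CA", 1), nil, nil)
	inter, interKey := issue(ca("Test Intermediate CA", 2), root, rootKey)
	leaf, leafKey := issue(&x509.Certificate{
		SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: serverIP.String()},
		IPAddresses: []net.IP{serverIP}, // the reference identifier, as an iPAddress SAN
		NotBefore:   now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, inter, interKey)
	return &testPKI{root, inter, leaf, leafKey}
}

// frame applies RFC 5425 octet-counting framing to one RFC 5424 message.
func frame(msg string) string { return fmt.Sprintf("%d %s", len(msg), msg) }

// deliver runs one syslog-over-TLS exchange on the loopback. The server presents
// the leaf (plus the intermediate when sendIntermediate is true); the client trusts
// only the root CA and checks the certificate against refID, as the device does.
// It returns the framed message the server received.
func deliver(p *testPKI, sendIntermediate bool, refID, msg string) (string, error) {
	chain := [][]byte{p.leaf.Raw}
	if sendIntermediate {
		chain = append(chain, p.inter.Raw)
	}
	srvCfg := &tls.Config{
		Certificates:           []tls.Certificate{{Certificate: chain, PrivateKey: p.leafKey}},
		SessionTicketsDisabled: true, // no post-handshake data, so the client's close is a clean FIN
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return "", err
	}
	defer ln.Close()
	got := make(chan string, 1)
	go func() { // server side: the handshake runs on the first Read; close_notify ends the read
		c, err := ln.Accept()
		if err != nil {
			got <- ""
			return
		}
		defer c.Close()
		c.SetDeadline(time.Now().Add(5 * time.Second))
		b, _ := io.ReadAll(c)
		got <- string(b)
	}()
	roots := x509.NewCertPool()
	roots.AddCert(p.root) // only the root is preinstalled, like ssltrustedcert on the device
	cliCfg := &tls.Config{RootCAs: roots, ServerName: refID, MinVersion: tls.VersionTLS12}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return "", err // chain building or reference identifier check failed
	}
	_, err = io.WriteString(conn, frame(msg))
	conn.Close() // sends close_notify so the server reads to EOF
	if err != nil {
		return "", err
	}
	return <-got, nil
}

func main() {
	p := buildPKI(net.ParseIP("127.0.0.1"))
	msg := "<134>1 2024-05-01T12:00:00Z mlx8 audit - - - constructed sample event"
	got, err := deliver(p, true, "127.0.0.1", msg)
	fmt.Printf("full chain, matching IP: %q (err=%v)\n", got, err)
	_, err = deliver(p, false, "127.0.0.1", msg)
	fmt.Println("intermediate not sent:", err)
	_, err = deliver(p, true, "127.0.0.2", msg)
	fmt.Println("IP not in SAN:", err)
}
```

Run it with go run: the first case prints the framed message as the server received it, the other two print the verification errors ("certificate signed by unknown authority" and "certificate is valid for 127.0.0.1, not 127.0.0.2") that correspond to the two failure modes the device will hit. Pointing tls.Dial at a real server's IP and ssl-port, with the same root CA file that was copied to ssltrustedcert loaded into the pool, turns deliver into a quick pre-deployment check of the server's certificate chain and reference identifier.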